-rw-r--r-- | moonv4/moon_db/moon_db/api/model.py | 10 | ||||
-rw-r--r-- | moonv4/moon_manager/moon_manager/api/master.py | 345 | ||||
-rw-r--r-- | moonv4/moon_manager/moon_manager/api/policies.py | 48 | ||||
-rw-r--r-- | moonv4/moon_manager/moon_manager/messenger.py | 4 | ||||
-rw-r--r-- | moonv4/moon_manager/requirements.txt | 3 | ||||
-rw-r--r-- | moonv4/moon_orchestrator/moon_orchestrator/server.py | 10 | ||||
-rw-r--r-- | moonv4/moon_secrouter/moon_secrouter/api/route.py | 55 | ||||
-rw-r--r-- | moonv4/moon_secrouter/requirements.txt | 3 |
8 files changed, 456 insertions, 22 deletions
diff --git a/moonv4/moon_db/moon_db/api/model.py b/moonv4/moon_db/moon_db/api/model.py index c1620da3..22a5a834 100644 --- a/moonv4/moon_db/moon_db/api/model.py +++ b/moonv4/moon_db/moon_db/api/model.py @@ -89,7 +89,7 @@ class ModelManager(Managers): raise exceptions.SubjectCategoryExisting # if not category_id: # category_id = uuid4().hex - return self.driver.add_subject_category(name=value["name"], description=value["description"]) + return self.driver.add_subject_category(name=value["name"], description=value["description"], uuid=category_id) @enforce(("read", "write"), "meta_data") def delete_subject_category(self, user_id, category_id): @@ -100,7 +100,7 @@ class ModelManager(Managers): return self.driver.delete_subject_category(category_id=category_id) @enforce("read", "meta_data") - def get_object_categories(self, user_id, category_id): + def get_object_categories(self, user_id, category_id=None): return self.driver.get_object_categories(category_id) @enforce(("read", "write"), "meta_data") @@ -109,7 +109,7 @@ class ModelManager(Managers): raise exceptions.ObjectCategoryExisting # if not category_id: # category_id = uuid4().hex - return self.driver.add_object_category(name=value["name"], description=value["description"]) + return self.driver.add_object_category(name=value["name"], description=value["description"], uuid=category_id) @enforce(("read", "write"), "meta_data") def delete_object_category(self, user_id, category_id): @@ -120,7 +120,7 @@ class ModelManager(Managers): return self.driver.delete_object_category(category_id=category_id) @enforce("read", "meta_data") - def get_action_categories(self, user_id, category_id): + def get_action_categories(self, user_id, category_id=None): return self.driver.get_action_categories(category_id=category_id) @enforce(("read", "write"), "meta_data") 
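Review bot: With the `if not category_id: category_id = uuid4().hex` fallback still commented out, `add_subject_category` now forwards `uuid=category_id` unchanged, so a caller that omits the id hands `uuid=None` to the driver, and whether the driver generates one in that case is not visible here; the same applies to the `add_object_category` (@@ -109) and `add_action_category` (@@ -129) hunks. Because the id is now caller-chosen and stored as the row's uuid, the existing-category check that raises `SubjectCategoryExisting` just above the call should cover a duplicate id as well as a duplicate name if it is currently name-only (its condition sits above the hunk), otherwise an import that reuses an id can collide with a locally created category. If the driver does not fill in a missing uuid itself, restoring `if not category_id: category_id = uuid4().hex` before the `return` keeps the old behaviour for callers that pass none. The enclosing methods start above the hunk.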
@@ -129,7 +129,7 @@ class ModelManager(Managers): raise exceptions.ActionCategoryExisting # if not category_id: # category_id = uuid4().hex - return self.driver.add_action_category(name=value["name"], description=value["description"]) + return self.driver.add_action_category(name=value["name"], description=value["description"], uuid=category_id) @enforce(("read", "write"), "meta_data") def delete_action_category(self, user_id, category_id): diff --git a/moonv4/moon_manager/moon_manager/api/master.py b/moonv4/moon_manager/moon_manager/api/master.py new file mode 100644 index 00000000..e63406c5 --- /dev/null +++ b/moonv4/moon_manager/moon_manager/api/master.py 
@@ -0,0 +1,345 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+from oslo_log import log as logging
+from moon_utilities.security_functions import call, notify
+from moon_db.core import PDPManager, PolicyManager, ModelManager
+
+LOG = logging.getLogger(__name__)
+
+
+class Master(object):
+ """
+ Retrieve the current status of all components.
+ """
+
+ __version__ = "0.1.0"
+ __policies = None
+ __policy_ids = []
+ __models = None
+ __model_ids = []
+ __meta_rules = None
+ __meta_rule_ids = []
+
+ @property
+ def policies(self):
+ if not self.__policies:
+ self.__policies = {}
+ if self.__policy_ids:
+ for policy_id in self.__policy_ids:
+ self.__policies.update(call("moon_manager",
+ method="get_policies",
+ ctx={
+ "id": policy_id,
+ "call_master": True,
+ "user_id": "admin"
+ },
+ args={})["policies"])
+ else:
+ self.__policies = call("moon_manager",
+ method="get_policies",
+ ctx={
+ "id": None,
+ "call_master": True,
+ "user_id": "admin"
+ },
+ args={})["policies"]
+ LOG.info("__get_policies={}".format(self.__policies))
+ return self.__policies
+
+ @property
+ def models(self):
+ if not self.__models:
+ self.__models = {}
+ if self.__model_ids:
+ for model_id in self.__model_ids:
+ self.__models.update(call("moon_manager",
+ method="get_models",
+ ctx={
+ "id": model_id,
+ "call_master": True,
+ "user_id": "admin"
+ },
+ args={})["models"])
+ else:
+ self.__models = call("moon_manager",
+ method="get_models",
+ ctx={
+ "id": None,
+ "call_master": True,
+ "user_id": "admin"
+ },
+ args={})["models"]
+ LOG.info("__get_models={}".format(self.__models))
+ return self.__models
+
+ @property
+ def meta_rules(self):
+ if not self.__meta_rules:
+ self.__meta_rules = {}
+ if self.__meta_rule_ids:
+ for meta_rule_id in self.__meta_rule_ids:
+ self.__meta_rules.update(call("moon_manager",
+ method="get_meta_rules",
+ ctx={
+ "meta_rule_id": meta_rule_id,
+ "call_master": True,
+ "user_id": "admin"
+ },
+ args={})["meta_rules"])
+ else:
+ self.__meta_rules = call("moon_manager",
+ method="get_meta_rules",
+ ctx={
+ "meta_rule_id": None,
+ "call_master": True,
+ "user_id": "admin"
+ },
+ args={})["meta_rules"]
+ LOG.info("__get_meta_rules={}".format(self.__meta_rules))
+ return self.__meta_rules
+
+ def __add_meta_data(self):
+ subject_categories = ModelManager.get_subject_categories("admin")
+ object_categories = ModelManager.get_object_categories("admin")
+ action_categories = ModelManager.get_action_categories("admin")
+ for meta_rule_id, meta_rule_value in self.meta_rules.items():
+ for _scat in meta_rule_value['subject_categories']:
+ if _scat not in subject_categories:
+ master_category = call("moon_manager", method="get_subject_categories",
+ ctx={
+ "user_id": "admin",
+ "call_master": True,
+ "id": None,
+ },
+ args={"category_id": _scat})["subject_categories"]
+ ModelManager.add_subject_category("admin", _scat, master_category[_scat])
+ for _ocat in meta_rule_value['object_categories']:
+ if _ocat not in object_categories:
+ master_category = call("moon_manager", method="get_object_categories",
+ ctx={
+ "user_id": "admin",
+ "call_master": True,
+ "id": None,
+ },
+ args={"category_id": _ocat})["object_categories"]
+ LOG.info("Add scat {} {}".format(_ocat, master_category[_ocat]))
+ ModelManager.add_object_category("admin", _ocat, master_category[_ocat])
+ for _acat in meta_rule_value['action_categories']:
+ if _acat not in action_categories:
+ master_category = call("moon_manager", method="get_action_categories",
+ ctx={
+ "user_id": "admin",
+ "call_master": True,
+ "id": None,
+ },
+ args={"category_id": _acat})["action_categories"]
+ LOG.info("Add scat {} {}".format(_acat, master_category[_acat]))
+ ModelManager.add_action_category("admin", _acat, master_category[_acat])
+
+ def __add_meta_rule(self):
+ meta_rules = ModelManager.get_meta_rules("admin")
+ LOG.info("meta_rules={}".format(meta_rules))
+ for uuid, value in self.meta_rules.items():
+ if uuid not in meta_rules:
+ ModelManager.add_meta_rule("admin", uuid, value=value)
+
+ def __add_perimeter(self, subject_name=None, object_name=None):
+ for policy_id in self.policies:
+ subjects = call("moon_manager", method="get_subjects",
+ ctx={
+ "user_id": "admin",
+ "call_master": True,
+ "id": policy_id,
+ },
+ args={"perimeter_id": None, "perimeter_name": subject_name})["subjects"]
+ for subject_id, subject_value in subjects.items():
+ # FIXME (asteroide): if a subject with the same name had been already created before
+ # it will not have the same ID as the subject in master
+ PolicyManager.add_subject("admin", policy_id=policy_id, perimeter_id=subject_id, value=subject_value)
+ for policy_id in self.policies:
+ objects = call("moon_manager", method="get_objects",
+ ctx={
+ "user_id": "admin",
+ "call_master": True,
+ "id": policy_id,
+ },
+ args={"perimeter_id": None, "perimeter_name": object_name})["objects"]
+ for object_id, object_value in objects.items():
+ # FIXME (asteroide): if a object with the same name had been already created before
+ # it will not have the same ID as the object in master
+ PolicyManager.add_object("admin", policy_id=policy_id, perimeter_id=object_id, value=object_value)
+ for policy_id in self.policies:
+ actions = call("moon_manager", method="get_actions",
+ ctx={
+ "user_id": "admin",
+ "call_master": True,
+ "id": policy_id,
+ },
+ args={"perimeter_id": None})["actions"]
+ for action_id, action_value in actions.items():
+ # FIXME (asteroide): if a action with the same name had been already created before
+ # it will not have the same ID as the action in master
+ PolicyManager.add_action("admin", policy_id=policy_id, perimeter_id=action_id, value=action_value)
+
+ def __add_data(self):
+ subject_categories = ModelManager.get_subject_categories("admin")
+ object_categories = ModelManager.get_object_categories("admin")
+ action_categories = ModelManager.get_action_categories("admin")
+ for policy_id in self.policies:
+ for category in subject_categories.keys():
+ subject_data = call("moon_manager", method="get_subject_data",
+ ctx={
+ "user_id": "admin",
+ "call_master": True,
+ "id": policy_id,
+ "category_id": category
+ },
+ args={"data_id": None})["subject_data"]
+ if not subject_data:
+ continue
+ for data in subject_data:
+ PolicyManager.set_subject_data("admin", policy_id=policy_id,
+ category_id=data['category_id'], value=data)
+ for category in object_categories:
+ object_data = call("moon_manager", method="get_object_data",
+ ctx={
+ "user_id": "admin",
+ "call_master": True,
+ "id": policy_id,
+ "category_id": category
+ },
+ args={"data_id": None})["object_data"]
+ if not object_data:
+ continue
+ for data in object_data:
+ PolicyManager.add_object_data("admin", policy_id=policy_id,
+ category_id=data['category_id'], value=data)
+ for category in action_categories:
+ action_data = call("moon_manager", method="get_action_data",
+ ctx={
+ "user_id": "admin",
+ "call_master": True,
+ "id": policy_id,
+ "category_id": category
+ },
+ args={"data_id": None})["action_data"]
+ if not action_data:
+ continue
+ for data in action_data:
+ PolicyManager.add_action_data("admin", policy_id=policy_id,
+ category_id=data['category_id'], value=data)
+
+ def __add_assignments(self, subject_name=None, object_name=None):
+ for policy_id in self.policies:
+ assignments = call("moon_manager", method="get_subject_assignments",
+ ctx={
+ "user_id": "admin",
+ "call_master": True,
+ "id": policy_id,
+ "perimeter_id": None,
+ "perimeter_name": subject_name,
+ "category_id": None,
+ },
+ args={})["subject_assignments"]
+ for assignment_id, assignment_value in assignments.items():
+ _subject_id = assignment_value['subject_id']
+ _category_id = assignment_value['category_id']
+ for _data_id in assignment_value['assignments']:
+ PolicyManager.add_subject_assignment("admin", policy_id=policy_id,
+ subject_id=_subject_id, category_id=_category_id,
+ data_id=_data_id)
+ assignments = call("moon_manager", method="get_object_assignments",
+ ctx={
+ "user_id": "admin",
+ "call_master": True,
+ "id": policy_id,
+ "perimeter_id": None,
+ "perimeter_name": object_name,
+ "category_id": None,
+ },
+ args={})["object_assignments"]
+ for assignment_id, assignment_value in assignments.items():
+ _object_id = assignment_value['object_id']
+ _category_id = assignment_value['category_id']
+ for _data_id in assignment_value['assignments']:
+ PolicyManager.add_object_assignment("admin", policy_id=policy_id,
+ object_id=_object_id, category_id=_category_id,
+ data_id=_data_id)
+ assignments = call("moon_manager", method="get_action_assignments",
+ ctx={
+ "user_id": "admin",
+ "call_master": True,
+ "id": policy_id,
+ "perimeter_id": None,
+ "category_id": None,
+ },
+ args={})["action_assignments"]
+ for assignment_id, assignment_value in assignments.items():
+ _action_id = assignment_value['action_id']
+ _category_id = assignment_value['category_id']
+ for _data_id in assignment_value['assignments']:
+ PolicyManager.add_action_assignment("admin", policy_id=policy_id,
+ action_id=_action_id, category_id=_category_id,
+ data_id=_data_id)
+
+ def __add_rules(self):
+ for policy_id in self.policies:
+ _rules = call("moon_manager", method="get_rules",
+ ctx={
+ "user_id": "admin",
+ "call_master": True,
+ "id": policy_id,
+ "rule_id": None
+ },
+ args={})["rules"]
+ for rule in _rules["rules"]:
+ LOG.info("__add_rules {}".format(rule))
+ if rule["meta_rule_id"] in self.__meta_rule_ids:
+ PolicyManager.add_rule("admin",
+ policy_id=policy_id,
+ meta_rule_id=rule["meta_rule_id"],
+ value=rule)
+
+ def update_from_master(self, ctx, args):
+ LOG.info("update_from_master {}".format(ctx))
+ self.__policy_ids = ctx["security_pipeline"]
+
+ for policy_id, policy_value in self.policies.items():
+ self.__model_ids.append(policy_value["model_id"])
+
+ for model_id, model_value in self.models.items():
+ self.__meta_rule_ids.extend(model_value['meta_rules'])
+
+ self.__add_meta_data()
+
+ self.__add_meta_rule()
+
+ for policy_id in ctx["security_pipeline"]:
+ if policy_id in self.policies:
+ PolicyManager.add_policy("admin", policy_id, self.__policies[policy_id])
+
+ self.__add_perimeter(subject_name=ctx.get("subject_name"), object_name=ctx.get("object_name"))
+
+ self.__add_data()
+
+ self.__add_assignments(subject_name=ctx.get("subject_name"), object_name=ctx.get("object_name"))
+
+ self.__add_rules()
+
+ models = ModelManager.get_models("admin")
+ for model_id, model_value in self.models.items():
+ if model_id not in models:
+ ModelManager.add_model("admin", model_id, model_value)
+
+ pdp = PDPManager.add_pdp(user_id="admin", pdp_id=ctx["pdp_id"], value=args)
+ if "error" in pdp:
+ LOG.error("Error when adding PDP from master {}".format(pdp))
+ return False
+ LOG.info("pdp={}".format(pdp))
+ call("orchestrator", method="add_container",
+ ctx={"id": ctx.get("id"), "pipeline": ctx['security_pipeline']})
+ return True
+
diff --git a/moonv4/moon_manager/moon_manager/api/policies.py b/moonv4/moon_manager/moon_manager/api/policies.py
index 3c876fae..27e28a6c 100644
--- a/moonv4/moon_manager/moon_manager/api/policies.py
+++ b/moonv4/moon_manager/moon_manager/api/policies.py
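Review bot: `update_from_master` writes policies, models, meta-rules, perimeter entries, assignments, rules and finally a PDP into the local database with `user_id="admin"`, driven entirely by the caller-supplied `ctx["security_pipeline"]` and `ctx["pdp_id"]`, and unlike the manager write paths (gated with `@enforce(("read", "write"), ...)` in the model.py hunks) nothing in this endpoint checks who is asking; once it is registered in messenger.py and listed in the router API, any caller that can reach the RPC transport can trigger a privileged import unless the transport itself authenticates callers, which is not visible here. The caches are also never invalidated: `policies` returns `self.__policies` whenever it is non-empty, and `__model_ids`/`__meta_rule_ids` are class-level lists that `update_from_master` appends to, so a second call with a different `security_pipeline` reuses the first call's policies and accumulates ids across calls — resetting them at the top of `update_from_master`, e.g. `self.__policies = self.__models = self.__meta_rules = None` and `self.__model_ids, self.__meta_rule_ids = [], []`, would make each call self-contained. `ctx["security_pipeline"]` and `ctx["pdp_id"]` are indexed without a check, so a request missing either raises `KeyError` instead of returning `False` the way the `add_pdp` error path does. The `LOG.info` calls dump the full policy, model, meta-rule and rule dictionaries on every run; `LOG.debug` would be the appropriate level for that volume of internal state.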
@@ -64,7 +64,17 @@ class Perimeter(object): def get_subjects(self, ctx, args): try: - data = self.manager.get_subjects(user_id=ctx["user_id"], policy_id=ctx["id"], perimeter_id=args['perimeter_id']) + data = self.manager.get_subjects( + user_id=ctx["user_id"], + policy_id=ctx["id"], + perimeter_id=args['perimeter_id'] + ) + if not args['perimeter_id']: + if "perimeter_name" in args: + for _data_id, _data_value in data.items(): + if _data_value['name'] == args['perimeter_name']: + data = {_data_id: _data_value} + break except Exception as e: LOG.error(e, exc_info=True) return {"result": False, @@ -102,7 +112,17 @@ class Perimeter(object): def get_objects(self, ctx, args): try: - data = self.manager.get_objects(user_id=ctx["user_id"], policy_id=ctx["id"], perimeter_id=args['perimeter_id']) + data = self.manager.get_objects( + user_id=ctx["user_id"], + policy_id=ctx["id"], + perimeter_id=args['perimeter_id'] + ) + if not args['perimeter_id']: + if "perimeter_name" in args: + for _data_id, _data_value in data.items(): + if _data_value['name'] == args['perimeter_name']: + data = {_data_id: _data_value} + break except Exception as e: LOG.error(e, exc_info=True) return {"result": False, 
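Review bot: In `get_subjects` the new name filter only narrows `data` when some entry matches `args['perimeter_name']`; when nothing matches the loop falls through and `data` is still the full unfiltered dict, so a lookup for an unknown name silently returns every subject instead of none, which the master.py importer will then copy wholesale. Guarding on the value and filtering explicitly avoids that while keeping the "no name given" behaviour: `if not args['perimeter_id'] and args.get('perimeter_name'):` followed by `data = {k: v for k, v in data.items() if v['name'] == args['perimeter_name']}`. The same applies to `get_objects` in the @@ -102 hunk. Both methods continue past the hunk.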
@@ -285,8 +305,30 @@ class Assignments(object): def __init__(self): self.manager = PolicyManager + def __get_subject_id(self, ctx, subject_name): + data = self.manager.get_subjects( + user_id=ctx["user_id"], + policy_id=ctx["id"], + perimeter_id=None + ) + for _data_id, _data_value in data.items(): + if _data_value['name'] == subject_name: + return _data_id + + def __get_object_id(self, ctx, object_name): + data = self.manager.get_objects( + user_id=ctx["user_id"], + policy_id=ctx["id"], + perimeter_id=None + ) + for _data_id, _data_value in data.items(): + if _data_value['name'] == object_name: + return _data_id + def get_subject_assignments(self, ctx, args): try: + if "perimeter_name" in args: + ctx["perimeter_id"] = self.__get_subject_id(ctx, args['perimeter_name']) data = self.manager.get_subject_assignments(user_id=ctx["user_id"], policy_id=ctx["id"], subject_id=ctx["perimeter_id"], category_id=ctx["category_id"]) except Exception as e: @@ -322,6 +364,8 @@ class Assignments(object): def get_object_assignments(self, ctx, args): try: + if "perimeter_name" in args: + ctx["perimeter_id"] = self.__get_object_id(ctx, args['perimeter_name']) data = self.manager.get_object_assignments(user_id=ctx["user_id"], policy_id=ctx["id"], object_id=ctx["perimeter_id"], category_id=ctx["category_id"]) except Exception as e: diff --git a/moonv4/moon_manager/moon_manager/messenger.py b/moonv4/moon_manager/moon_manager/messenger.py index 784b9eab..3c44b6f6 100644 --- a/moonv4/moon_manager/moon_manager/messenger.py +++ b/moonv4/moon_manager/moon_manager/messenger.py @@ -12,6 +12,7 @@ from moon_utilities.api import APIList from moon_manager.api.models import Models, MetaRules, MetaData from moon_manager.api.policies import Policies, Perimeter, Data, Assignments, Rules from moon_manager.api.pdp import PDP +from moon_manager.api.master import Master from moon_utilities.security_functions import call from moon_utilities.exceptions import IntraExtensionUnknown 
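Review bot: `__get_subject_id` returns `None` implicitly when no subject carries `subject_name`, and `get_subject_assignments` then stores that into `ctx["perimeter_id"]` and queries with `subject_id=None`, which in this file is the value used to mean "no filter" (the helper itself passes `perimeter_id=None` to fetch all subjects); an unknown name therefore widens the query to every subject's assignments instead of yielding none, and the same holds for `__get_object_id`/`get_object_assignments` in the @@ -322 hunk. Checking the lookup result before calling the manager, `if ctx["perimeter_id"] is None:` and returning the same `{"result": False, ...}` shape the `except` branch uses, would close that. The helpers also overwrite `ctx["perimeter_id"]` unconditionally, so a request carrying both a `perimeter_id` and a `perimeter_name` has its id silently replaced by the name lookup; only applying the lookup when `ctx.get("perimeter_id")` is unset would respect the caller's id. `get_subject_assignments` continues past the hunk.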
@@ -52,7 +53,8 @@ class Server: Data(), Assignments(), Rules(), - PDP() + PDP(), + Master() ] self.server = oslo_messaging.get_rpc_server(self.transport, self.target, self.endpoints, executor='threading', diff --git a/moonv4/moon_manager/requirements.txt b/moonv4/moon_manager/requirements.txt index 3b684f8d..a919c625 100644 --- a/moonv4/moon_manager/requirements.txt +++ b/moonv4/moon_manager/requirements.txt @@ -2,4 +2,5 @@ kombu !=4.0.1,!=4.0.0 oslo.messaging oslo.config vine -oslo.log
\ No newline at end of file +oslo.log +babel
\ No newline at end of file diff --git a/moonv4/moon_orchestrator/moon_orchestrator/server.py b/moonv4/moon_orchestrator/moon_orchestrator/server.py index ef69af70..85d7d3f4 100644 --- a/moonv4/moon_orchestrator/moon_orchestrator/server.py +++ b/moonv4/moon_orchestrator/moon_orchestrator/server.py @@ -30,11 +30,6 @@ SLAVES = {} docker = Client(base_url=CONF.docker_url) -# def get_template(filename="template.dockerfile"): -# simple_loader = FileSystemLoader(TEMPLATES_FOLDER) -# env = Environment(loader=simple_loader) -# return env.get_template(filename) - def kill_handler(signum, frame): _exit(0) @@ -102,7 +97,7 @@ def _exit(exit_number=0, error=None): else: docker.remove_container(container=_container) - # TODO (dthom): put in the debug log + # TODO (asteroide): put in the debug log if error: LOG.info(str(error)) sys.exit(exit_number) @@ -117,7 +112,8 @@ def __save_pid(): def server(): - # conf_file = options.configure(DOMAIN) + # TODO (asteroide): need to add some options: + # --foreground: run in foreground __save_pid() LOG.info("Starting server with IP {}".format(CONF.orchestrator.host)) diff --git a/moonv4/moon_secrouter/moon_secrouter/api/route.py b/moonv4/moon_secrouter/moon_secrouter/api/route.py index 7cce1353..28a9a65f 100644 --- a/moonv4/moon_secrouter/moon_secrouter/api/route.py +++ b/moonv4/moon_secrouter/moon_secrouter/api/route.py @@ -88,7 +88,8 @@ API = { "delete_action_assignment", "get_rules", "add_rule", - "delete_rule" + "delete_rule", + "update_from_master" ), "function": ( "authz", @@ -125,6 +126,7 @@ class Cache(object): self.__update_policies() self.__update_models() for key, value in self.__PDP.items(): + LOG.info("Updating container_chaining with {}".format(value["keystone_project_id"])) self.__update_container_chaining(value["keystone_project_id"]) @property 
@@ -192,13 +194,19 @@ class Cache(object): def __update_container_chaining(self, keystone_project_id): container_ids = [] for pdp_id, pdp_value, in CACHE.pdp.items(): + LOG.info("pdp_id, pdp_value = {}, {}".format(pdp_id, pdp_value)) if pdp_value: if pdp_value["keystone_project_id"] == keystone_project_id: for policy_id in pdp_value["security_pipeline"]: model_id = CACHE.policies[policy_id]['model_id'] + LOG.info("model_id = {}".format(model_id)) + LOG.info("CACHE = {}".format(CACHE.models[model_id])) for meta_rule_id in CACHE.models[model_id]["meta_rules"]: + LOG.info("CACHE.containers = {}".format(CACHE.containers)) for container_id, container_values, in CACHE.containers.items(): + LOG.info("container_id, container_values = {}".format(container_id, container_values)) for container_value in container_values: + LOG.info("container_value[\"meta_rule_id\"] == meta_rule_id = {} {}".format(container_value["meta_rule_id"], meta_rule_id)) if container_value["meta_rule_id"] == meta_rule_id: container_ids.append( { @@ -238,8 +246,13 @@ class AuthzRequest: self.ctx = ctx self.args = args self.request_id = ctx["request_id"] + if self.ctx['id'] not in CACHE.container_chaining: + LOG.warning("Unknown Project ID {}".format(self.ctx['id'])) + # TODO (asteroide): add a better exception handler + raise Exception("Unknown Project ID {}".format(self.ctx['id'])) self.container_chaining = CACHE.container_chaining[self.ctx['id']] ctx["container_chaining"] = copy.deepcopy(self.container_chaining) + LOG.info("self.container_chaining={}".format(self.container_chaining)) self.pdp_container = self.container_chaining[0]["container_id"] self.run() 
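Review bot: `LOG.info("container_id, container_values = {}".format(container_id, container_values))` has one placeholder for two arguments, so `container_values` is never printed; it should read `"container_id, container_values = {}, {}"`. The other new lines in this hunk, and those in the @@ -125 and @@ -238 hunks, log `CACHE.models[model_id]`, `CACHE.containers` and `container_chaining` in full at INFO inside nested loops that run on every chaining update or authz request, which floods the log and copies the policy/container topology into it; `LOG.debug` is the appropriate level once the issue being diagnosed is understood. `__update_container_chaining` continues past the hunk.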
@@ -332,11 +345,43 @@ class Router(object): @staticmethod def check_pdp(ctx): _ctx = copy.deepcopy(ctx) - if CONF.slave.slave_name: - _ctx['call_master'] = True + keystone_id = _ctx.pop('id') + # LOG.info("_ctx {}".format(_ctx)) ext = call("moon_manager", method="get_pdp", ctx=_ctx, args={}) - if "error" not in ext: - return True + # LOG.info("check_pdp {}".format(ext)) + if "error" in ext: + return False + keystone_id_list = map(lambda x: x["keystone_project_id"], ext['pdps'].values()) + if not ext['pdps'] or keystone_id not in keystone_id_list: + if CONF.slave.slave_name: + _ctx['call_master'] = True + # update from master if exist and test again + LOG.info("Need to update from master {}".format(keystone_id)) + ext = call("moon_manager", method="get_pdp", ctx=_ctx, args={}) + if "error" in ext: + return False + keystone_id_list = map(lambda x: x["keystone_project_id"], ext['pdps'].values()) + if not ext['pdps'] or keystone_id not in keystone_id_list: + return False + else: + # Must update from Master + _ctx["keystone_id"] = keystone_id + _ctx["pdp_id"] = None + _ctx["security_pipeline"] = None + _ctx['call_master'] = False + pdp_value = {} + for pdp_id, pdp_value in ext["pdps"].items(): + if keystone_id == pdp_value["keystone_project_id"]: + _ctx["pdp_id"] = keystone_id + _ctx["security_pipeline"] = pdp_value["security_pipeline"] + break + call("moon_manager", method="update_from_master", ctx=_ctx, args=pdp_value) + CACHE.update() + return True + else: + # return False otherwise + return False + return True def send_update(self, api, ctx={}, args={}): # TODO (asteroide): add threads here diff --git a/moonv4/moon_secrouter/requirements.txt b/moonv4/moon_secrouter/requirements.txt index 3b684f8d..a919c625 100644 --- a/moonv4/moon_secrouter/requirements.txt +++ b/moonv4/moon_secrouter/requirements.txt @@ -2,4 +2,5 @@ kombu !=4.0.1,!=4.0.0 oslo.messaging oslo.config vine -oslo.log
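Review bot: In the "Must update from Master" branch `_ctx["pdp_id"] = keystone_id` stores the Keystone project id where a PDP id is expected, while the loop variable `pdp_id` holding the matching PDP's id is discarded; master.py's `update_from_master` passes `ctx["pdp_id"]` straight to `PDPManager.add_pdp(pdp_id=...)`, so the slave would register the PDP under the project id. `_ctx["pdp_id"] = pdp_id` looks like the intended line, to be confirmed against what the master side keys PDPs by. `keystone_id_list` is a `map` object, a one-shot iterator; the code is correct only because it is rebuilt before each `not in`, and `set(...)` would make that explicit and cheaper. The `pdp_value = {}` default is dead in practice because the membership check above guarantees a match, but if that guard ever changes the call reaches `update_from_master` with `security_pipeline=None` and fails on `for policy_id in ctx["security_pipeline"]`, so a short comment tying the two together is worth adding.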
\ No newline at end of file +oslo.log +babel
\ No newline at end of file |